From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <Tech@CryptoPhoto.com>
Received: from srve.com (srve.com [208.69.183.6])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Mon,  7 Apr 2014 18:23:00 +0200 (CEST)
Date: Tue, 8 Apr 2014 02:22:47 +1000
From: Chris Drake <Tech@CryptoPhoto.com>
Message-ID: <914180841.20140408022247@CryptoPhoto.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: [dm-crypt] Where to put the bundled metadata?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hi,

This page:
https://source.android.com/devices/tech/security/dm-verity.html#heading=h.tkceh5wnx7z2

Has a 6-step "Implementation" summary, with the last step reading:

" 6. Concatenate the system image, the verity metadata, and the hash
  tree. "

However - it fails to suggest what to do with the result.

My *guess* is that most of the steps 1-5 are being performed by
"veritysetup create ...", however, that utility has no option to
supply a key with which to sign with - so can someone tell me what
steps I need to take next ?

Kind Regards,
Chris Drake